CN117896153A - Data processing method, apparatus, device, medium, and program product - Google Patents

Info

Publication number: CN117896153A
Authority: CN (China)
Prior art keywords: encryption, data, decryption, information, target webpage
Legal status: Pending
Application number: CN202410092543.4A
Other languages: Chinese (zh)
Inventor: 同雪梅
Current Assignee: Industrial and Commercial Bank of China Ltd ICBC
Original Assignee: Industrial and Commercial Bank of China Ltd ICBC
Landscapes: Storage Device Security

Abstract

The present disclosure provides a data processing method, apparatus, device, medium and program product, which can be applied to the technical fields of information security and financial technology. The data processing method comprises the following steps: in response to receiving a data processing request for transmitting encrypted data to a target webpage, analyzing the data processing request to obtain data to be processed; invoking an encryption and decryption component, and encrypting the data to be processed in an encryption mode matched with the target webpage to obtain encryption information; and transmitting the encrypted information to the target web page. The present disclosure also provides a data processing apparatus, device, storage medium, and program product.

Description

Data processing method, apparatus, device, medium, and program product
Technical Field
The present disclosure relates to the field of information security and financial technology, and more particularly, to a data processing method, apparatus, device, medium, and program product.
Background
Large enterprises support many business functions, and when each business function performs encryption and decryption independently, efficiency is extremely low. In existing data encryption methods, service-layer data is generally encrypted or decrypted during code development, and each service independently calls its own algorithm to encrypt or decrypt, which is extremely inefficient. In addition, encryption and decryption algorithms place high demands on computing resources; when each business function performs its own encryption and decryption operations, computing resources are wasted and the overall performance of the system is reduced.
Disclosure of Invention
In view of the foregoing, the present disclosure provides a data processing method, apparatus, device, medium, and program product.
According to a first aspect of the present disclosure, there is provided a data processing method comprising: in response to receiving a data processing request for transmitting encrypted data to a target webpage, analyzing the data processing request to obtain data to be processed; invoking an encryption and decryption component, and encrypting the data to be processed in an encryption mode matched with the target webpage to obtain encryption information; and transmitting the encrypted information to the target web page.
According to an embodiment of the disclosure, the encryption and decryption component includes M security protocols and N encryption algorithms, where M and N are each positive integers greater than 1. Invoking the encryption and decryption component to encrypt the data to be processed in an encryption mode matched with the target webpage to obtain the encryption information includes: transmitting the data to be processed to the encryption and decryption component through a target transmission interface, wherein the target transmission interface is related to the target webpage; determining, from the M security protocols and N encryption algorithms, a first encryption algorithm and a first security protocol matched with the target webpage; and encrypting the data to be processed according to the first encryption algorithm and the first security protocol to obtain the encryption information.
According to an embodiment of the present disclosure, determining, from the M security protocols and N encryption algorithms, a first encryption algorithm and a first security protocol matched with the target webpage includes: determining, from the M security protocols and N encryption algorithms, P security protocols and Q encryption algorithms available for the target webpage, wherein P is a positive integer greater than 1 and less than M, and Q is a positive integer greater than 1 and less than N; and determining the first security protocol from the P security protocols and the first encryption algorithm from the Q encryption algorithms based on the security parameters and the operation parameters of the target webpage.
According to the embodiment of the disclosure, in response to receiving feedback information representing encryption failure, a disaster recovery strategy related to a target webpage is obtained; determining a second encryption algorithm and a second security protocol based on the disaster recovery strategy; and encrypting the data to be processed according to the second encryption algorithm and the second security protocol to obtain encryption information.
According to the embodiment of the disclosure, the disaster recovery strategy is updated by updating the component parameters corresponding to the disaster recovery strategy; when the disaster recovery strategy is updated, the custom configuration class of the encryption and decryption component, which comprises the configuration parameters of the M security protocols and N encryption algorithms, is unchanged.
According to the embodiment of the disclosure, in response to receiving a service request sent by a target webpage, analyzing the service request to obtain data to be decrypted; invoking the encryption and decryption component, and decrypting the data to be decrypted in a decryption mode matched with the target webpage to obtain decryption information; and transmitting the decryption information to the service processing module so that the service processing module performs service processing on the decryption information.
According to an embodiment of the present disclosure, invoking the encryption and decryption component to decrypt the data to be decrypted in a decryption mode matched with the target webpage to obtain the decryption information includes: transmitting the data to be decrypted to the encryption and decryption component based on a transmission interface between the target webpage and the encryption and decryption component; acquiring the first encryption algorithm and the first security protocol matched with the target webpage, and a first decryption algorithm corresponding to the first encryption algorithm; and decrypting the data to be decrypted according to the first decryption algorithm and the first security protocol to obtain the decryption information.
A second aspect of the present disclosure provides a data processing apparatus comprising: the analysis module is used for responding to a received data processing request for transmitting the encrypted data to the target webpage and analyzing the data processing request to obtain data to be processed; the processing module is used for calling the encryption and decryption assembly and encrypting the data to be processed in an encryption mode matched with the target webpage to obtain encryption information; and the transmission module is used for transmitting the encrypted information to the target webpage.
A third aspect of the present disclosure provides an electronic device, comprising: one or more processors; and a memory for storing one or more programs, wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to perform the data processing method described above.
A fourth aspect of the present disclosure also provides a computer-readable storage medium having stored thereon executable instructions that, when executed by a processor, cause the processor to perform the above-described data processing method.
A fifth aspect of the present disclosure also provides a computer program product comprising a computer program which, when executed by a processor, implements the above-described data processing method.
According to the embodiment of the disclosure, when the encryption and decryption component is called, the data to be processed is encrypted in an encryption mode matched with the target webpage to obtain the encryption information. Because a single encryption and decryption component executes unified encryption and decryption logic for target webpages from different sources, while still applying to each target webpage the encryption mode matched to it, one unified encryption operation can serve multiple webpages and data security is enhanced. Operations such as environment configuration, file configuration, plug-in compatibility, and function and performance adjustment do not need to be repeated, which reduces maintenance cost. The componentized encryption and decryption approach addresses both the resource waste caused by multiple services encrypting and decrypting independently and the security defects of data encryption.
Drawings
The foregoing and other objects, features and advantages of the disclosure will be more apparent from the following description of embodiments of the disclosure with reference to the accompanying drawings, in which:
Fig. 1 schematically illustrates an application scenario of a data processing method according to an embodiment of the present disclosure;
FIG. 2 schematically illustrates a flow chart of a data processing method according to an embodiment of the disclosure;
FIG. 3 schematically illustrates a flow chart of data decryption of a data processing method according to an embodiment of the present disclosure;
FIG. 4 schematically illustrates a schematic diagram of encryption and decryption of a data processing method according to an embodiment of the present disclosure;
FIG. 5 schematically illustrates a block diagram of a data processing apparatus according to an embodiment of the present disclosure; and
Fig. 6 schematically shows a block diagram of an electronic device adapted for a data processing method according to an embodiment of the disclosure.
Detailed Description
Hereinafter, embodiments of the present disclosure will be described with reference to the accompanying drawings. It should be understood that the description is only exemplary and is not intended to limit the scope of the present disclosure. In the following detailed description, for purposes of explanation, numerous specific details are set forth in order to provide a thorough understanding of the embodiments of the present disclosure. It may be evident, however, that one or more embodiments may be practiced without these specific details. In addition, in the following description, descriptions of well-known structures and techniques are omitted so as not to unnecessarily obscure the concepts of the present disclosure.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the disclosure. The terms "comprises," "comprising," and/or the like, as used herein, specify the presence of stated features, steps, operations, and/or components, but do not preclude the presence or addition of one or more other features, steps, operations, or components.
All terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art unless otherwise defined. It should be noted that the terms used herein should be construed to have meanings consistent with the context of the present specification and should not be construed in an idealized or overly formal manner.
Where a convention analogous to "at least one of A, B and C, etc." is used, in general such a convention should be interpreted in the sense in which one of skill in the art would generally understand it (e.g., "a system having at least one of A, B and C" would include, but not be limited to, systems having A alone, B alone, C alone, A and B together, A and C together, B and C together, and/or A, B, C together, etc.).
In the technical scheme of the invention, the related user information (including but not limited to user personal information, user image information, and user equipment information such as position information) and data (including but not limited to data for analysis, stored data, and displayed data) are information and data authorized by the user or fully authorized by all parties. The collection, storage, use, processing, transmission, provision, disclosure, and application of the related data all conform to the relevant laws, regulations, and standards of the relevant areas, necessary security measures are adopted, public order is not prejudiced, and a corresponding operation entrance is provided for the user to grant or refuse authorization.
The multiple service functions are independently encrypted and decrypted, so that the efficiency is extremely low, and further time and energy are wasted.
Furthermore, encryption relies on keys for its encryption and decryption operations, so secure key management is critical: if a key is leaked or cracked, the security of the data is compromised. Likewise, once an algorithm is broken or a new vulnerability appears, the encrypted data may be cracked. Further, encryption can only protect data during transmission and storage; once the data is decrypted for use, it is in a vulnerable state. To avoid these defects, the prior art may add multi-layer data processing operations for business functions with different confidentiality requirements and encrypt the data multiple times to improve data security. However, multi-layer data processing can make the code redundant and hinders integrated management of data encryption, and a large enterprise performing different encryption operations for multiple business function modules likewise hinders integrated management of data encryption.
In view of these problems, the inventor found that calling a unified encryption and decryption component and encrypting in an encryption mode matched with the target webpage yields a unified encryption operation applicable to multiple webpages, which avoids resource waste, reduces maintenance cost, and enhances the security of the data.
The embodiment of the disclosure provides a data processing method, which is used for responding to a data processing request for transmitting encrypted data to a target webpage, and analyzing the data processing request to obtain data to be processed; invoking an encryption and decryption component, and encrypting the data to be processed in an encryption mode matched with the target webpage to obtain encryption information; and transmitting the encrypted information to the target web page.
Fig. 1 schematically illustrates an application scenario of a data processing method according to an embodiment of the present disclosure.
As shown in fig. 1, the application scenario 100 according to this embodiment may include a first terminal device 101, a second terminal device 102, a third terminal device 103, a network 104, a server 105, and a service processing module 106. The network 104 is a medium used to provide a communication link between the first terminal device 101, the second terminal device 102, the third terminal device 103, and the server 105. The network 104 may include various connection types, such as wired, wireless communication links, or fiber optic cables, among others.
The user may interact with the server 105 through the network 104 using at least one of the first terminal device 101, the second terminal device 102, the third terminal device 103, to receive or send messages, etc. Various communication client applications, such as a shopping class application, a web browser application, a search class application, an instant messaging tool, a mailbox client, social platform software, etc. (by way of example only) may be installed on the first terminal device 101, the second terminal device 102, and the third terminal device 103.
The first terminal device 101, the second terminal device 102, and the third terminal device 103 may be various electronic devices having a display screen and supporting web browsing, including but not limited to smartphones, tablets, laptop and desktop computers, and the like. They are used for sending service requests to the server 105 and receiving encryption information.
The server 105 may be a server providing various services, such as a background management server (by way of example only) providing support for websites browsed by the user using the first terminal device 101, the second terminal device 102, and the third terminal device 103. The background management server may decrypt the data to be decrypted according to the received service request, send the decrypted data to the service processing module 106, and feed back the encrypted information to the terminal device.
The service processing module 106 may be a system with multiple service processing functions or a software processing module in the system, and is configured to execute corresponding service functions. For example, a transfer function, an approval function, office information presentation or circulation, etc. are performed.
It should be noted that the data processing method provided in the embodiments of the present disclosure may be generally performed by the server 105. Accordingly, the data processing apparatus provided by the embodiments of the present disclosure may be generally provided in the server 105. The data processing method provided by the embodiments of the present disclosure may also be performed by a server or a server cluster that is different from the server 105 and is capable of communicating with the first terminal device 101, the second terminal device 102, the third terminal device 103, the service processing module 106, and/or the server 105. Accordingly, the data processing apparatus provided by the embodiments of the present disclosure may also be provided in a server or a server cluster that is different from the server 105 and is capable of communicating with the first terminal device 101, the second terminal device 102, the third terminal device 103, the service processing module 106 and/or the server 105.
It should be understood that the number of terminal devices, networks, service processing modules and servers in fig. 1 is merely illustrative. There may be any number of terminal devices, networks, and servers, as desired for implementation.
The data processing method of the disclosed embodiment will be described in detail below with reference to fig. 2 to 4 based on the scenario described in fig. 1.
Fig. 2 schematically illustrates a flow chart of a data processing method according to an embodiment of the present disclosure.
As shown in fig. 2, the method 200 includes operations S210 to S230.
In operation S210, in response to receiving a data processing request for transmitting encrypted data to a target web page, the data to be processed is parsed from the data processing request.
In operation S220, the encryption/decryption component is invoked to encrypt the data to be processed in an encryption manner matched with the target web page, so as to obtain encryption information.
In operation S230, the encrypted information is transmitted to the target web page.
According to an embodiment of the present disclosure, the target web page includes a plurality of web pages for implementing different services, which may be an asset service, a liability service, an intermediate service, and the like. Each target web page requires different data for different services.
According to embodiments of the present disclosure, the data to be processed may be data associated with different services, such as a memory credit, an extraction credit, and target information. The encryption information is information data obtained by encrypting the data to be processed.
According to the embodiment of the disclosure, when a user is browsing a target webpage and it is determined that the user needs to acquire related data on that webpage, the server receives a data processing request. In responding to the data processing request, the server can parse the data to be processed from the request.
For example, when a user browsing a target web page related to liability service needs to transact a lending service, the service function module related to the lending service, after processing that service, generates a data processing request for encrypting the processed data and returning the encrypted data to the target web page. The server receives the data processing request, calls the encryption and decryption component to encrypt the data obtained by analyzing the data processing request, and returns the encryption information to the target webpage. In this way, the target web page obtains the target information related to the lending through an encryption operation.
According to an embodiment of the present disclosure, the encryption and decryption component includes a plurality of encryption algorithms and security protocols and encrypts the data to be processed. To improve security, multi-layer encryption protection processing can be performed in the encryption and decryption component. Because the encryption process is implemented in the unified encryption and decryption component, the multi-layer encryption protection does not affect the logic processing of each service function module and avoids introducing new code, so the problem of low encryption efficiency is avoided while security is improved.
According to the embodiment of the disclosure, when the encryption and decryption component is called, the data to be processed is encrypted in an encryption mode matched with the target webpage to obtain the encryption information. Because a single encryption and decryption component executes unified encryption and decryption logic for target webpages from different sources, while still applying to each target webpage the encryption mode matched to it, one unified encryption operation can serve multiple webpages and data security is enhanced. Operations such as environment configuration, file configuration, plug-in compatibility, and function and performance adjustment do not need to be repeated, which reduces maintenance cost. The componentized encryption and decryption approach addresses both the resource waste caused by multiple services encrypting and decrypting independently and the security defects of data encryption.
According to an embodiment of the disclosure, the encryption and decryption component includes M security protocols and N encryption algorithms, where M and N are each positive integers greater than 1. Invoking the encryption and decryption component to encrypt the data to be processed in an encryption mode matched with the target webpage to obtain the encryption information includes: transmitting the data to be processed to the encryption and decryption component through a target transmission interface, wherein the target transmission interface is related to the target webpage; determining, from the M security protocols and N encryption algorithms, a first encryption algorithm and a first security protocol matched with the target webpage; and encrypting the data to be processed according to the first encryption algorithm and the first security protocol to obtain the encryption information.
According to embodiments of the present disclosure, the target transport interface may be an application program interface (Application Program Interface, API).
According to the embodiment of the disclosure, since the target web pages served by the encryption and decryption component can come from different data sources, a target transmission interface can be constructed in the encryption and decryption component and used for transmitting the encryption information to the matched target web page or acquiring the information to be encrypted from the matched service function module.
According to the embodiment of the disclosure, the target transmission interface of the encryption and decryption component can be constructed by supplementing the corresponding documents of the API. The corresponding documents include the configuration documents of the API, the usage instructions of the API, and the like.
According to the embodiment of the disclosure, the first encryption algorithm and the first security protocol may be the encryption algorithm and security protocol, among the M security protocols and N encryption algorithms of the encryption and decryption component, that best match the encryption requirement of the target webpage. After the first encryption algorithm and the first security protocol matched with the target webpage are determined, the data to be processed can be encrypted according to them to obtain the encryption information.
According to an embodiment of the present disclosure, determining, from the M security protocols and N encryption algorithms, a first encryption algorithm and a first security protocol matched with the target webpage includes: determining, from the M security protocols and N encryption algorithms, P security protocols and Q encryption algorithms available for the target webpage, wherein P is a positive integer greater than 1 and less than M, and Q is a positive integer greater than 1 and less than N; and determining the first security protocol from the P security protocols and the first encryption algorithm from the Q encryption algorithms based on the security parameters and the operation parameters of the target webpage.
According to the embodiment of the disclosure, when the encryption and decryption component is constructed, an automatic configuration function can be defined in it, so that when the data to be processed is encrypted, different encryption algorithms and security protocols are selected for logic processing according to different encryption requirements. The different encryption requirements may be determined along two dimensions: a security parameter and an operation parameter.
For example, if the target web page is used for handling liability service and the asset source needs to be acquired, security takes precedence over processing speed. In that case, P security protocols and Q encryption algorithms with higher security parameters are selected from the M security protocols and the N encryption algorithms, and the most suitable security protocol and encryption algorithm among them are determined as the first security protocol and the first encryption algorithm.
If the target web page is used for handling the intermediate service and a related proxy service needs to be executed, high operation parameters are needed to improve service handling efficiency. In that case, P security protocols and Q encryption algorithms with higher operation parameters are selected from the M security protocols and the N encryption algorithms, and the most suitable security protocol and encryption algorithm among them are determined as the first security protocol and the first encryption algorithm.
According to embodiments of the present disclosure, the security parameters may include a functional security level, a data security level, or a core degree of the target web page or the business function module; the operation parameters are used for representing timeliness requirements and data processing speed requirements of the target webpage or the service function module.
According to an embodiment of the present disclosure, the method further comprises: responding to the received feedback information representing the encryption failure, and acquiring a disaster recovery strategy related to the target webpage; determining a second encryption algorithm and a second security protocol based on the disaster recovery strategy; and encrypting the data to be processed according to the second encryption algorithm and the second security protocol to obtain encryption information.
According to the embodiment of the disclosure, a security risk arises when the first security protocol and the first encryption algorithm fail to encrypt the data to be processed. With a disaster recovery strategy in place, the M security protocols and N encryption algorithms are prioritized in advance along different parameter dimensions; when the server receives feedback information indicating an encryption failure, the encryption and decryption component immediately determines a second encryption algorithm and a second security protocol according to the preset priorities and encrypts the data to be processed in time.
For example, the disaster recovery strategy may include selecting the second security protocol according to the priority of the security parameters of the target webpage or service function module, or selecting it according to the priority of the operation parameters of the target webpage or service function module. The second security protocol may also be selected based on the weighted summation result of the priority of the security parameters and the priority of the operation parameters of the target webpage or service function module.
According to the embodiment of the disclosure, the disaster recovery function is realized by prioritizing the security protocol and the encryption algorithm. The flexibility of the data processing process is further improved while ensuring the security.
According to the embodiment of the disclosure, the disaster recovery strategy is updated by updating the component parameters corresponding to the disaster recovery strategy; when the disaster recovery strategy is updated, the custom configuration class of the encryption and decryption component, which comprises the configuration parameters of the M security protocols and N encryption algorithms, is unchanged.
According to the embodiment of the disclosure, the priorities of the security protocols and the encryption algorithms can be freely adjusted according to actual needs. Because the custom configuration class of the encryption and decryption component is unchanged, the configuration parameters of the security protocols and the encryption algorithms do not need to be adjusted when the disaster recovery strategy is adjusted. The disaster recovery strategy can therefore be updated flexibly without affecting the configuration of the internal encryption algorithms and security protocols, which reduces the amount of code to update while preserving flexibility.
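The selection and disaster recovery logic described above can be sketched as follows. This is an added example, not code from the patent: the catalogue entries, scores, weights, the `min_security` floor and all function names are assumptions, and the backends are stand-ins that perform no encryption.

```python
from dataclasses import dataclass
from typing import Callable, Dict, FrozenSet, List, Tuple


@dataclass(frozen=True)
class Entry:
    """A security protocol or an encryption algorithm registered in the component."""
    name: str
    security: int  # constructed score, higher = stronger
    speed: int     # constructed score, higher = faster


@dataclass(frozen=True)
class PagePolicy:
    """Per-target-webpage requirements (hypothetical structure, not from the patent)."""
    protocols: FrozenSet[str]   # the P protocols available to this page
    algorithms: FrozenSet[str]  # the Q algorithms available to this page
    w_security: float           # weight given to the security parameter
    w_speed: float              # weight given to the operation parameter
    min_security: int           # assumption: floor that no fallback may go below


class EncryptionFailed(Exception):
    """Raised when no permitted suite could encrypt; plaintext is never returned."""


Backend = Callable[[bytes, str], bytes]  # (data, protocol name) -> ciphertext


def rank(catalogue: List[Entry], allowed: FrozenSet[str], policy: PagePolicy) -> List[Entry]:
    """Keep entries the page may use and that meet the floor, best weighted score first."""
    def score(e: Entry) -> float:
        return policy.w_security * e.security + policy.w_speed * e.speed
    usable = [e for e in catalogue if e.name in allowed and e.security >= policy.min_security]
    return sorted(usable, key=lambda e: (-score(e), e.name))


def encrypt_for_page(data: bytes, policy: PagePolicy, protocols: List[Entry],
                     algorithms: List[Entry], backends: Dict[str, Backend]
                     ) -> Tuple[str, str, bytes, List[str]]:
    """Encrypt with the first-ranked pair; on failure move down the priority lists."""
    ranked_p = rank(protocols, policy.protocols, policy)
    ranked_a = rank(algorithms, policy.algorithms, policy)
    if not ranked_p or not ranked_a:
        raise EncryptionFailed("page policy leaves no usable protocol or algorithm")
    failures: List[str] = []
    for i in range(max(len(ranked_p), len(ranked_a))):
        # i = 0 is the "first" pair, i = 1 the "second" (fallback) pair, and so on.
        proto = ranked_p[min(i, len(ranked_p) - 1)]
        algo = ranked_a[min(i, len(ranked_a) - 1)]
        try:
            return proto.name, algo.name, backends[algo.name](data, proto.name), failures
        except Exception as exc:  # any backend error is treated as failure feedback
            failures.append(f"{proto.name}+{algo.name}: {exc}")
    raise EncryptionFailed("; ".join(failures))  # fail closed


# Constructed catalogue (M = 3 protocols, N = 4 algorithms); scores are illustrative only.
PROTOCOLS = [Entry("TLS1.3", 9, 8), Entry("TLS1.2", 7, 7), Entry("legacy-proto", 3, 9)]
ALGORITHMS = [Entry("AES-256-GCM", 9, 6), Entry("ChaCha20-Poly1305", 8, 9),
              Entry("AES-128-GCM", 7, 8), Entry("legacy-alg", 2, 10)]


def stub_backend(label: str) -> Backend:
    """Constructed stand-in for a real cipher backend; it performs NO encryption."""
    return lambda data, proto: f"<{label} over {proto}, {len(data)} bytes>".encode()


def failing_backend(data: bytes, proto: str) -> bytes:
    raise RuntimeError("key service unavailable")  # simulated failure feedback


# Security-weighted page (liability service) and speed-weighted page (intermediate service).
LIABILITY_PAGE = PagePolicy(frozenset({"TLS1.3", "TLS1.2"}),
                            frozenset({"AES-256-GCM", "ChaCha20-Poly1305", "legacy-alg"}),
                            w_security=0.8, w_speed=0.2, min_security=7)
INTERMEDIATE_PAGE = PagePolicy(frozenset({"TLS1.3", "TLS1.2"}),
                               frozenset({"AES-256-GCM", "ChaCha20-Poly1305", "AES-128-GCM"}),
                               w_security=0.2, w_speed=0.8, min_security=7)

if __name__ == "__main__":
    backends = {e.name: stub_backend(e.name) for e in ALGORITHMS}
    print(encrypt_for_page(b"balance=100", INTERMEDIATE_PAGE, PROTOCOLS, ALGORITHMS, backends)[:2])
    backends["AES-256-GCM"] = failing_backend  # force the first choice to fail
    print(encrypt_for_page(b"balance=100", LIABILITY_PAGE, PROTOCOLS, ALGORITHMS, backends)[:2])
```

Because fallback candidates are ranked only within the page's allowed set and above the floor, a forced encryption failure cannot move a page onto a weaker suite; when every permitted suite fails, the call raises instead of returning plaintext.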
Fig. 3 schematically illustrates a flow chart of data decryption of a data processing method according to an embodiment of the present disclosure.
As shown in fig. 3, the data decryption of the data processing method includes operations S310 to S330.
In operation S310, in response to receiving the service request transmitted by the target web page, the data to be decrypted is parsed from the service request.
In operation S320, the encryption/decryption component is invoked to decrypt the data to be decrypted by the decryption mode matched with the target web page, so as to obtain decryption information.
In operation S330, the decryption information is transmitted to the service processing module so that the service processing module performs service processing on the decryption information.
According to the embodiment of the disclosure, when the target webpage handles different services, it needs to send a service request to the server to obtain the data required for handling the service. The server parses the service request and determines from it the data to be decrypted that the user requires.
According to the embodiment of the disclosure, when a user handles an asset service, the user needs to obtain his or her current memory line; the server then parses the service request and takes the memory line to be decrypted as the data to be decrypted. The decrypted data is the data obtained by decrypting the encrypted memory line.
According to an embodiment of the present disclosure, the service processing module is configured to perform service processing on the received decrypted data. The service processing may be that the service processing module determines a data processing request according to the acquired memory line, so that the target webpage obtains safe encryption information.
According to the embodiment of the disclosure, the server can respond to a data processing request from the service function module in order to transmit encrypted data to the target webpage, and can also respond to a service request sent by the target webpage. For example, a user browsing a target webpage related to an intermediate service needs to handle a proxy service and obtain the proxy information related to that service. The server parses the encrypted proxy information from the received service request and immediately invokes the encryption and decryption component to decrypt it. The encryption and decryption component selects a decryption mode matched with the target webpage according to the encryption algorithms and security protocols stored in the component, decrypts the encrypted proxy information to obtain the proxy information, and feeds the decrypted information back to the service processing module.
According to an embodiment of the present disclosure, invoking the encryption and decryption component to decrypt the data to be decrypted in a decryption mode matched with the target webpage to obtain decryption information includes: transmitting the data to be decrypted to the encryption and decryption component based on a transmission interface between the target webpage and the encryption and decryption component; acquiring a first encryption algorithm and a first security protocol matched with the target webpage, and a first decryption algorithm corresponding to the first encryption algorithm; and decrypting the data to be decrypted according to the first decryption algorithm and the first security protocol to obtain the decryption information.
According to the embodiment of the disclosure, the transmission interface may be an API; the target webpage interacts with the encryption and decryption component by calling different APIs, and the data to be decrypted is thereby transmitted to the encryption and decryption component. P security protocols and Q encryption algorithms matched with the target webpage are selected from the M security protocols and N encryption algorithms, and the most suitable encryption algorithm and security protocol among them are determined as the first security protocol and the first encryption algorithm. The data to be decrypted is then decrypted according to the first decryption algorithm and the first security protocol to obtain the decryption information.
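The disaster recovery fallback and the matching decryption step described above, combined in one added example (not code from the patent or its applicant; Java 17 or later, JDK only). The suite ids, scores, weights, security floor, envelope layout and the rule of refusing non-AEAD suites are assumptions made for illustration; the point shown is that once encryption can fall back to a second algorithm, the ciphertext has to carry an authenticated suite identifier so the decrypting side uses the algorithm that was actually applied and never one below the floor.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Comparator;
import java.util.List;
import java.util.Map;

public class FallbackEnvelopeDemo {
    // Registry entry: algorithm configuration that stays fixed when the policy is re-tuned.
    record Suite(byte id, String name, String transformation, int security, int speed) {}

    // Disaster recovery policy: only weights and a floor, no algorithm settings.
    record Policy(double wSecurity, double wSpeed, int minSecurity) {}

    static final int IV_LEN = 12, TAG_BITS = 128;
    static final SecureRandom RNG = new SecureRandom();

    // Constructed scores (higher is better). DES is listed because the page offers it.
    static final List<Suite> REGISTRY = List.of(
        new Suite((byte) 1, "AES-256-GCM", "AES/GCM/NoPadding", 9, 7),
        new Suite((byte) 2, "AES-128-GCM", "AES/GCM/NoPadding", 8, 8),
        new Suite((byte) 3, "DES-CBC", "DES/CBC/PKCS5Padding", 1, 5));

    // Priority order = weighted sum of security and operation scores, floor applied first.
    static List<Suite> ranked(Policy p) {
        return REGISTRY.stream()
            .filter(s -> s.security() >= p.minSecurity())
            .sorted(Comparator.comparingDouble(
                (Suite s) -> p.wSecurity() * s.security() + p.wSpeed() * s.speed()).reversed())
            .toList();
    }

    // Builds an initialised GCM cipher; the IV is read from buf at ivOff.
    static Cipher cipher(int mode, Suite s, Map<Byte, byte[]> keys, byte[] buf, int ivOff)
            throws GeneralSecurityException {
        if (!s.transformation().contains("/GCM/"))
            throw new GeneralSecurityException(s.name() + ": non-AEAD suite refused");
        byte[] key = keys.get(s.id());
        if (key == null) throw new GeneralSecurityException(s.name() + ": no key provisioned");
        Cipher c = Cipher.getInstance(s.transformation());
        c.init(mode, new SecretKeySpec(key, "AES"), new GCMParameterSpec(TAG_BITS, buf, ivOff, IV_LEN));
        c.updateAAD(new byte[] {s.id()});   // authenticate the suite id in the header
        return c;
    }

    // Envelope layout (assumption): [suite id (1)] [IV (12)] [ciphertext + GCM tag].
    static byte[] encrypt(byte[] plain, Policy p, Map<Byte, byte[]> keys) throws GeneralSecurityException {
        GeneralSecurityException last = null;
        for (Suite s : ranked(p)) {
            try {
                byte[] iv = new byte[IV_LEN];
                RNG.nextBytes(iv);
                byte[] ct = cipher(Cipher.ENCRYPT_MODE, s, keys, iv, 0).doFinal(plain);
                return ByteBuffer.allocate(1 + IV_LEN + ct.length).put(s.id()).put(iv).put(ct).array();
            } catch (GeneralSecurityException e) {   // the "feedback information of encryption failure"
                System.out.println(s.name() + " failed (" + e.getMessage() + "), trying next suite");
                last = e;
            }
        }
        throw new GeneralSecurityException("no suite at or above the floor succeeded", last);
    }

    static byte[] decrypt(byte[] env, Policy p, Map<Byte, byte[]> keys) throws GeneralSecurityException {
        if (env.length < 1 + IV_LEN + TAG_BITS / 8) throw new GeneralSecurityException("envelope too short");
        Suite s = ranked(p).stream().filter(x -> x.id() == env[0]).findFirst()
            .orElseThrow(() -> new GeneralSecurityException("suite id " + env[0] + " unknown or below floor"));
        return cipher(Cipher.DECRYPT_MODE, s, keys, env, 1).doFinal(env, 1 + IV_LEN, env.length - 1 - IV_LEN);
    }

    public static void main(String[] args) throws Exception {
        Policy policy = new Policy(0.7, 0.3, 5);   // constructed weights and floor
        byte[] k128 = new byte[16];
        RNG.nextBytes(k128);
        // Constructed fault: the key provisioned for the preferred suite has an invalid length.
        Map<Byte, byte[]> keys = Map.of((byte) 1, new byte[20], (byte) 2, k128);

        byte[] env = encrypt("quota=1000".getBytes(StandardCharsets.UTF_8), policy, keys);
        System.out.println("suite used: " + env[0]);
        System.out.println("decrypted: " + new String(decrypt(env, policy, keys), StandardCharsets.UTF_8));

        env[0] = 3;   // header rewritten to the DES suite: rejected before any cipher runs
        try {
            decrypt(env, policy, keys);
        } catch (GeneralSecurityException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Changing the `Policy` values reorders or narrows the fallback chain without touching `REGISTRY`, which mirrors the separation between the disaster recovery parameters and the custom configuration class.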
According to the embodiment of the disclosure, the target webpage, the encryption and decryption component and the service processing module for realizing the service function corresponding to the target webpage can perform data transmission through the same transmission interface or can perform data transmission through different transmission interfaces.
Fig. 4 schematically illustrates a schematic diagram of encryption and decryption of a data processing method according to an embodiment of the present disclosure.
As shown in fig. 4, the target web page 410 sends a service request, and the server 420 responds to the request and parses out the data to be decrypted. The server 420 invokes the encryption and decryption component to decrypt the data to be decrypted and obtain decrypted data 430. Specifically, it obtains the P security protocols and Q encryption algorithms matched with the target web page from the M security protocols and N encryption algorithms in the encryption and decryption component, and determines a first encryption algorithm and a first security protocol based on the security parameters and the operation parameters to decrypt the data to be processed. The decrypted data 430 is transmitted to a service processing module 440.
In addition, the server 420 also receives a data processing request sent by the service processing module 440 for transmitting encrypted data to the target web page, and parses out the data to be processed. The server 420 invokes the encryption and decryption component to encrypt the data to be processed and obtain encrypted data 450; the first encryption algorithm and the first security protocol are determined in the same way as during decryption, which is not repeated here. The encrypted data 450 is transmitted to the target web page 410.
According to an embodiment of the present disclosure, the encryption and decryption component 420 is constructed in the following manner. Before the encryption and decryption component is built, a ctp-spring-boot-starter module is created in the open-source Spring Boot framework, and a ctp-data-spring-boot-autoconfigure module is also created and introduced into the starter module.
An automatic configuration function can be defined in the ctp-data-spring-boot-autoconfigure module, and an automatic configuration file META-INF/spring/xxxx.imports can be defined, so that a plurality of encryption and decryption modes for a plurality of target webpages can be realized by calling the encryption and decryption component.
When the two modules are initialized, the autoconfigure module and the starter module can be filled with basic information about the encryption algorithms, decryption algorithms and security protocols, where the basic information can be the type and number of the introduced encryption algorithms or security protocols, version information and the like. Both modules include xml files, iml files, and call folders. For example, the ctp-spring-boot-starter module includes a pom.xml file and a ctp-data-spring-boot-starter.iml file, and the ctp-data-spring-boot-autoconfigure module includes a pom.xml file and a ctp-data-oss-spring-boot-starter.iml file; in addition, the ctp-data-spring-boot-autoconfigure module also retains the src folder.
In the above two modules, other files than the above-described files may be deleted, and the functions of the modules themselves are not affected after deletion. The module can be more concise by deleting the useless files, so that the running efficiency is improved while the resource waste is avoided.
Further, the configuration dependency, i.e. the dependency item of the configuration parameters, is introduced in the pom.xml file of the starter module. In addition, framework dependencies can also be introduced in the pom.xml file of the configuration module. Specifically, the utils file is placed under the com.ctp.data directory by manual configuration; Spring Boot then starts the dependency and loads the configuration information from the yml file by itself. The choice of open-source framework is not limited to Spring Boot, and one skilled in the art can choose a framework according to actual needs.
After the automatic configuration function is configured, the configured information may form a custom configuration class CtpDataConfiguration. When the Spring Boot framework is started, it automatically loads the files corresponding to the configuration modules and imports the custom configuration class CtpDataConfiguration into the Spring Boot IoC container for management, so that bean object operations can be performed by directly injecting Utils when the encryption and decryption framework is used.
Further, when the encryption and decryption component is constructed, the API interface between the newly added webpage and the encryption and decryption component can be created, so that the newly added webpage can call the encryption and decryption component to realize encryption and decryption operations only through simple configuration operations.
When creating the API interface between the newly added webpage and the encryption and decryption component, the corresponding document of the API interface can be stored to the corresponding address. After creating the API interface, the component may be exposed by executing the name and testing the accuracy of the API.
According to embodiments of the present disclosure, the encryption and decryption component may include a variety of encryption algorithms and security protocols. The encryption algorithm can be symmetric encryption or asymmetric encryption, and the symmetric encryption comprises AES, DES, 3DES and other algorithms; security protocols include IPSec, SSL/TLS, etc.
According to the embodiment of the disclosure, the symmetric cryptosystem is suitable for a closed system in which the users are related and trust each other, and the same secret key is used for encryption and decryption. DES is a typical single-key cryptographic algorithm that works block by block and is used for communication over non-secure channels. The plaintext, as a binary sequence, is divided into blocks, which are substituted and permuted using the key to form the ciphertext. DES can be used for both encryption and decryption. Except for the order in which the key is input, the encryption and decryption steps are identical, so that standardization and generalization can be easily achieved when the DES chip is manufactured, and the method is very suitable for the requirements of modern communication.
According to an embodiment of the present disclosure, IPSec is a security architecture that uses cryptography to protect IP-layer communications; it is a protocol suite that protects the network transport protocols of the IP protocol by encrypting and authenticating IP packets. SSL/TLS is a framework for cryptographic communication and is considered to be the most widely used cryptographic method worldwide. SSL/TLS combines symmetric ciphers, message authentication codes, public-key cryptography, digital signatures, pseudo-random number generators and the like.
According to the embodiment of the disclosure, the encryption and decryption component can encrypt data safely and efficiently. For the different requirements of projects and programming languages, the related files such as HTML, CSS and JavaScript are generated in the created folder, and the basic functions of the component are realized by writing code. The data is preprocessed during interaction, and if encryption or decryption is needed, the component is called to process the data, ensuring the safety of the data during interaction. To further improve the usability of the component, a plurality of encryption algorithms and security protocols can be integrated and an encryption strategy matched with the target webpage selected as required; at the same time, the dependencies of the introduced encryption algorithms and security protocols must be controlled to prevent problems such as dependency conflicts. Further, where the component introduces and uses external dependencies, such as other libraries or frameworks, these dependencies are installed and configured correctly as directed by the documentation or tutorial.
According to the embodiment of the disclosure, the encryption and decryption of the data are used in a modularized manner, so that the security of the data in the development process of the bank software is enhanced, the resource consumption is reduced, and the response speed is improved. Further, because encryption is provided as a component, the code can be reused in different pages, which improves the maintainability and reusability of the code. The code scalability is improved to a certain extent, the data security is enhanced, and rapid development is facilitated. Furthermore, the encryption and decryption component is suitable for a plurality of data encryption scenarios, and the operations of environment configuration, file configuration, plug-in compatibility, function and performance adjustment and the like for different services in the data encryption process can be effectively avoided, thereby avoiding further waste of time and effort.
Fig. 5 schematically shows a block diagram of a data processing apparatus according to an embodiment of the present disclosure.
As shown in fig. 5, the data processing apparatus 500 of this embodiment includes a parsing module 510, a processing module 520, and a transmission module 530.
The parsing module 510 is configured to parse the data to be processed from the data processing request in response to receiving the data processing request for transmitting the encrypted data to the target web page. In an embodiment, the parsing module 510 may be configured to perform the operation S210 described above, which is not repeated here.
The processing module 520 is configured to invoke the encryption and decryption component and encrypt the data to be processed in an encryption manner matched with the target web page to obtain encrypted information. In an embodiment, the processing module 520 may be configured to perform the operation S220 described above, which is not repeated here.
The transmission module 530 is used for transmitting the encrypted information to the target web page. In an embodiment, the transmission module 530 may be used to perform the operation S230 described above, which is not repeated here.
According to the embodiment of the disclosure, when the encryption and decryption component is invoked, the processing module 520 encrypts the data to be processed in an encryption manner matched with the target webpage to obtain encryption information. Data encryption is used in a modularized manner, which enhances data security in the development process; because the encryption manner is matched to each page, a unified encryption operation can be applied to a plurality of webpages, operations such as environment configuration, file configuration, plug-in compatibility, and function and performance adjustment do not have to be repeated, and the maintenance cost is reduced. This solves the problems of resource waste caused by encrypting and decrypting a plurality of services independently and of insufficient data encryption security.
According to an embodiment of the present disclosure, parsing module 510 includes a first transmission sub-module, a determination sub-module, and an encryption sub-module.
The first transmission submodule is used for transmitting the data to be processed to the encryption and decryption component through a target transmission interface, wherein the target transmission interface is related to a target webpage.
The determining submodule is used for determining a first encryption algorithm and a first security protocol matched with the target webpage from M security protocols and N encryption algorithms.
The encryption sub-module is used for encrypting the data to be processed according to the first encryption algorithm and the first security protocol to obtain encryption information.
According to an embodiment of the present disclosure, the determination submodule includes a first determination unit, a second determination unit, an acquisition unit, a third determination unit, an encryption unit, and an update unit.
The first determining unit is configured to determine P security protocols and Q encryption algorithms available for the target page from the M security protocols and the N encryption algorithms, where P is a positive integer greater than 1 and less than M, and Q is a positive integer greater than 1 and less than N.
The second determining unit is used for determining a first security protocol from P security protocols and determining a first encryption algorithm from Q encryption algorithms based on the security parameters and the operation parameters of the target webpage.
The acquisition unit is used for responding to the received feedback information representing the encryption failure and acquiring the disaster recovery strategy related to the target webpage.
The third determining unit is used for determining a second encryption algorithm and a second security protocol based on the disaster recovery strategy.
The encryption unit is used for encrypting the data to be processed according to the second encryption algorithm and the second security protocol to obtain encryption information.
The updating unit is used for updating the disaster recovery strategy by updating the component parameters corresponding to the disaster recovery strategy; when the disaster recovery strategy is updated, the custom configuration class of the encryption and decryption component is unchanged, and comprises configuration parameters of M security protocols and N encryption algorithms.
According to an embodiment of the present disclosure, the data processing apparatus 500 further includes a response module, a decryption module, and a decryption information transmission module.
The response module is used for responding to the service request sent by the target webpage and analyzing the service request to obtain the data to be decrypted.
The decryption module is used for calling the encryption and decryption component and decrypting the data to be decrypted in a decryption mode matched with the target webpage to obtain decryption information.
The decryption information transmission module is used for transmitting the decryption information to the service processing module so that the service processing module can perform service processing on the decryption information.
According to an embodiment of the disclosure, the decryption module includes a second transmission sub-module, an acquisition sub-module, and a decryption sub-module.
The second transmission submodule is used for transmitting the data to be decrypted to the encryption and decryption component based on a transmission interface between the target webpage and the encryption and decryption component.
The acquisition sub-module is used for acquiring a first encryption algorithm and a first security protocol matched with the target webpage and a first decryption algorithm corresponding to the first encryption algorithm.
The decryption sub-module is used for decrypting the data to be decrypted according to the first decryption algorithm and the first security protocol to obtain decryption information.
Any of the parsing module 510, the processing module 520, and the transmission module 530 may be combined in one module to be implemented, or any of the modules may be split into a plurality of modules according to an embodiment of the present disclosure. Or at least some of the functionality of one or more of the modules may be combined with, and implemented in, at least some of the functionality of other modules.
According to embodiments of the present disclosure, at least one of parsing module 510, processing module 520, and transmission module 530 may be implemented at least in part as hardware circuitry, such as a Field Programmable Gate Array (FPGA), programmable Logic Array (PLA), system-on-chip, system-on-substrate, system-on-package, application Specific Integrated Circuit (ASIC), or in hardware or firmware, in any other reasonable manner of integrating or packaging circuitry, or in any one of or a suitable combination of any of three implementations of software, hardware, and firmware. Or at least one of the parsing module 510, the processing module 520 and the transmission module 530 may be at least partially implemented as a computer program module, which when executed may perform the corresponding functions.
Fig. 6 schematically shows a block diagram of an electronic device adapted for a data processing method according to an embodiment of the disclosure.
As shown in fig. 6, an electronic device 600 according to an embodiment of the present disclosure includes a processor 601 that can perform various appropriate actions and processes according to a program stored in a Read Only Memory (ROM) 602 or a program loaded from a storage section 608 into a Random Access Memory (RAM) 603. The processor 601 may include, for example, a general purpose microprocessor (e.g., a CPU), an instruction set processor and/or an associated chipset and/or a special purpose microprocessor (e.g., an Application Specific Integrated Circuit (ASIC)), or the like. Processor 601 may also include on-board memory for caching purposes. The processor 601 may comprise a single processing unit or a plurality of processing units for performing different actions of the method flows according to embodiments of the disclosure.
In the RAM 603, various programs and data necessary for the operation of the electronic apparatus 600 are stored. The processor 601, the ROM 602, and the RAM 603 are connected to each other through a bus 604. The processor 601 performs various operations of the method flow according to the embodiments of the present disclosure by executing programs in the ROM 602 and/or the RAM 603. Note that the program may be stored in one or more memories other than the ROM 602 and the RAM 603. The processor 601 may also perform various operations of the method flow according to embodiments of the present disclosure by executing programs stored in the one or more memories.
According to an embodiment of the present disclosure, the electronic device 600 may also include an input/output (I/O) interface 605, the input/output (I/O) interface 605 also being connected to the bus 604. The electronic device 600 may also include one or more of the following components connected to the input/output I/O interface 605: an input portion 606 including a keyboard, mouse, etc.; an output portion 607 including a Cathode Ray Tube (CRT), a Liquid Crystal Display (LCD), and the like, a speaker, and the like; a storage section 608 including a hard disk and the like; and a communication section 609 including a network interface card such as a LAN card, a modem, or the like. The communication section 609 performs communication processing via a network such as the internet. The drive 610 is also connected to the I/O interface 605 as needed. Removable media 611 such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like is installed as needed on drive 610 so that a computer program read therefrom is installed as needed into storage section 608.
The present disclosure also provides a computer-readable storage medium that may be embodied in the apparatus/device/system described in the above embodiments; or may exist alone without being assembled into the apparatus/device/system. The computer-readable storage medium carries one or more programs which, when executed, implement methods in accordance with embodiments of the present disclosure.
According to embodiments of the present disclosure, the computer-readable storage medium may be a non-volatile computer-readable storage medium, which may include, for example, but is not limited to: a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the context of this disclosure, a computer-readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. For example, according to embodiments of the present disclosure, the computer-readable storage medium may include ROM 602 and/or RAM 603 and/or one or more memories other than ROM 602 and RAM 603 described above.
Embodiments of the present disclosure also include a computer program product comprising a computer program containing program code for performing the methods shown in the flowcharts. The program code, when executed in a computer system, causes the computer system to perform the methods provided by embodiments of the present disclosure.
The above-described functions defined in the system/apparatus of the embodiments of the present disclosure are performed when the computer program is executed by the processor 601. The systems, apparatus, modules, units, etc. described above may be implemented by computer program modules according to embodiments of the disclosure.
In one embodiment, the computer program may be based on a tangible storage medium such as an optical storage device, a magnetic storage device, or the like. In another embodiment, the computer program may also be transmitted, distributed in the form of signals over a network medium, and downloaded and installed via the communication section 609, and/or installed from the removable medium 611. The computer program may include program code that may be transmitted using any appropriate network medium, including but not limited to: wireless, wired, etc., or any suitable combination of the foregoing.
In such an embodiment, the computer program may be downloaded and installed from a network through the communication portion 609, and/or installed from the removable medium 611. The above-described functions defined in the system of the embodiments of the present disclosure are performed when the computer program is executed by the processor 601. The systems, devices, apparatus, modules, units, etc. described above may be implemented by computer program modules according to embodiments of the disclosure.
According to embodiments of the present disclosure, program code for performing computer programs provided by embodiments of the present disclosure may be written in any combination of one or more programming languages, and in particular, such computer programs may be implemented in high-level procedural and/or object-oriented programming languages, and/or assembly/machine languages. Programming languages include, but are not limited to, Java, C++, Python, "C" or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's device, partly on a remote computing device, or entirely on the remote computing device or server. In the case of remote computing devices, the remote computing device may be connected to the user computing device through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computing device (e.g., connected via the Internet using an Internet service provider).
The flowcharts and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams or flowchart illustration, and combinations of blocks in the block diagrams or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
Those skilled in the art will appreciate that the features recited in the various embodiments of the disclosure and/or in the claims may be combined and/or integrated in a variety of ways, even if such combinations are not explicitly recited in the disclosure. In particular, the features recited in the various embodiments of the present disclosure and/or the claims may be variously combined and/or integrated without departing from the spirit and teachings of the present disclosure. All such combinations fall within the scope of the present disclosure.
The foregoing describes embodiments of the present disclosure in further detail. It is to be understood that the foregoing description is merely exemplary of the present disclosure and is not intended to limit the scope of the disclosure; modifications, equivalents and improvements may be made without departing from the spirit and principles of the present disclosure.

Claims (11)

1. A data processing method, comprising:
in response to receiving a data processing request for transmitting encrypted data to a target webpage, analyzing the data processing request to obtain data to be processed;
invoking an encryption and decryption component, and encrypting the data to be processed in an encryption mode matched with the target webpage to obtain encryption information; and
transmitting the encrypted information to the target webpage.
2. The method of claim 1, wherein the encryption and decryption component comprises M security protocols and N encryption algorithms, M being a positive integer greater than 1 and N being a positive integer greater than 1;
the invoking the encryption and decryption component and encrypting the data to be processed in an encryption mode matched with the target webpage to obtain encryption information comprises:
transmitting the data to be processed to the encryption and decryption component through a target transmission interface, wherein the target transmission interface is related to the target webpage;
determining a first encryption algorithm and a first security protocol matched with a target webpage from the M security protocols and the N encryption algorithms; and
encrypting the data to be processed according to the first encryption algorithm and the first security protocol to obtain the encryption information.
3. The method of claim 2, wherein determining the first encryption algorithm and the first security protocol matched with the target webpage from the M security protocols and the N encryption algorithms comprises:
determining P security protocols and Q encryption algorithms available for the target webpage from the M security protocols and the N encryption algorithms, wherein P is a positive integer greater than 1 and less than M, and Q is a positive integer greater than 1 and less than N; and
determining the first security protocol from the P security protocols and the first encryption algorithm from the Q encryption algorithms based on security parameters and operation parameters of the target webpage.
4. The method of claim 3, further comprising:
in response to receiving feedback information indicating an encryption failure, acquiring a disaster recovery strategy related to the target webpage;
determining a second encryption algorithm and a second security protocol based on the disaster recovery strategy; and
encrypting the data to be processed according to the second encryption algorithm and the second security protocol to obtain the encrypted information.
5. The method of claim 4, further comprising:
updating the disaster recovery strategy by updating component parameters corresponding to the disaster recovery strategy;
wherein, when the disaster recovery strategy is updated, a custom configuration class of the encryption and decryption component remains unchanged, the custom configuration class comprising configuration parameters of the M security protocols and the N encryption algorithms.
6. The method of claim 1, further comprising:
in response to a service request sent by the target webpage, analyzing the service request to obtain data to be decrypted;
invoking the encryption and decryption component to decrypt the data to be decrypted in a decryption mode matched with the target webpage, to obtain decryption information; and
transmitting the decryption information to a service processing module, so that the service processing module performs service processing on the decryption information.
7. The method of claim 6, wherein invoking the encryption and decryption component to decrypt the data to be decrypted in a decryption mode matched with the target webpage, to obtain the decryption information, comprises:
transmitting the data to be decrypted to the encryption and decryption component based on a transmission interface between the target webpage and the encryption and decryption component;
acquiring a first encryption algorithm and a first security protocol matched with the target webpage, and a first decryption algorithm corresponding to the first encryption algorithm; and
decrypting the data to be decrypted according to the first decryption algorithm and the first security protocol to obtain the decryption information.
8. A data processing apparatus comprising:
an analysis module configured to, in response to receiving a data processing request for transmitting encrypted data to a target webpage, analyze the data processing request to obtain data to be processed;
a processing module configured to invoke an encryption and decryption component to encrypt the data to be processed in an encryption mode matched with the target webpage, to obtain encrypted information; and
a transmission module configured to transmit the encrypted information to the target webpage.
9. An electronic device, comprising:
one or more processors;
a storage means for storing one or more programs,
wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to perform the method of any of claims 1-7.
10. A computer readable storage medium having stored thereon executable instructions which, when executed by a processor, cause the processor to perform the method according to any of claims 1-7.
11. A computer program product comprising a computer program which, when executed by a processor, implements the method according to any one of claims 1 to 7.
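One way the selection and fallback of claims 2 to 4, with the matching decryption of claim 7, could look in Node.js; this is an added example, not code from the patent. The page name, protocol labels, cost ranks, the meaning given to the security and operation parameters, AES-GCM as the algorithm family, and a missing key as the encryption failure are all assumptions.

```javascript
const crypto = require('crypto');
// Constructed catalogue (N = 3 algorithms, M = 3 protocol labels) and page policy (P = 2, Q = 2).
const ALGORITHMS = {
  'aes-128-gcm': { keyBits: 128, cost: 1 },
  'aes-192-gcm': { keyBits: 192, cost: 2 },
  'aes-256-gcm': { keyBits: 256, cost: 3 },
};
const PROTOCOLS = { 'envelope-v1': 1, 'envelope-v2': 2, 'envelope-v3': 3 };
const PAGES = { 'pay.example': {
  protocols: ['envelope-v2', 'envelope-v3'], algorithms: ['aes-128-gcm', 'aes-256-gcm'],
  minKeyBits: 128, maxCost: 3, // security / operation parameters (assumed meaning)
  recovery: { alg: 'aes-128-gcm', proto: 'envelope-v2' }, // disaster recovery strategy
} };
const allowed = (p, alg, proto) => p.algorithms.includes(alg) &&
  p.protocols.includes(proto) && ALGORITHMS[alg].keyBits >= p.minKeyBits;
// Claim 3: strongest affordable algorithm and highest-ranked protocol in the subsets.
function choose(p) {
  const alg = p.algorithms
    .filter(a => ALGORITHMS[a].keyBits >= p.minKeyBits && ALGORITHMS[a].cost <= p.maxCost)
    .sort((a, b) => ALGORITHMS[b].keyBits - ALGORITHMS[a].keyBits)[0];
  const proto = [...p.protocols].sort((a, b) => PROTOCOLS[b] - PROTOCOLS[a])[0];
  return { alg, proto };
}
// AEAD seal: page, protocol and algorithm labels are authenticated as associated data.
function seal(page, { alg, proto }, key, text) {
  if (!key) throw new Error(`no key for ${alg}`);
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv(alg, key, iv);
  c.setAAD(Buffer.from(`${page}|${proto}|${alg}`));
  const ct = Buffer.concat([c.update(text, 'utf8'), c.final()]);
  return { page, proto, alg, iv, ct, tag: c.getAuthTag() };
}
// Claim 4: on encryption failure use the recovery pair, but never outside the policy.
function encryptFor(page, text, keys) {
  const p = PAGES[page], first = choose(p);
  try { return seal(page, first, keys[first.alg], text); } catch (err) {
    if (!allowed(p, p.recovery.alg, p.recovery.proto)) throw new Error('recovery outside policy');
    return seal(page, p.recovery, keys[p.recovery.alg], text);
  }
}
// Claim 7: decrypt with the page's matched algorithm; a swapped label fails the tag.
function decryptFor(env, keys) {
  const p = PAGES[env.page];
  if (!p || !allowed(p, env.alg, env.proto)) throw new Error('not allowed for page');
  const d = crypto.createDecipheriv(env.alg, keys[env.alg], env.iv);
  d.setAAD(Buffer.from(`${env.page}|${env.proto}|${env.alg}`));
  d.setAuthTag(env.tag);
  return Buffer.concat([d.update(env.ct), d.final()]).toString('utf8');
}
```

Because the fallback pair is checked against the same page policy as the first choice, a recovery strategy edited to name a weaker or unlisted algorithm fails closed instead of silently downgrading.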
CN202410092543.4A 2024-01-23 2024-01-23 Data processing method, apparatus, device, medium, and program product Pending CN117896153A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202410092543.4A CN117896153A (en) 2024-01-23 2024-01-23 Data processing method, apparatus, device, medium, and program product

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202410092543.4A CN117896153A (en) 2024-01-23 2024-01-23 Data processing method, apparatus, device, medium, and program product

Publications (1)

Publication Number Publication Date
CN117896153A true CN117896153A (en) 2024-04-16

Family

ID=90639334

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202410092543.4A Pending CN117896153A (en) 2024-01-23 2024-01-23 Data processing method, apparatus, device, medium, and program product

Country Status (1)

Country Link
CN (1) CN117896153A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination